HTTPAuthSessionWrapper doesn't accept anonymous requests

Description

HTTPAuthSessionWrapper won't accept anonymous requests, when an instance of twisted.cred.checkers.AllowAnonymousAccess (or any other checker that supports credentials.IAnonymous) is registered in a Portal.

My patch changes HTTPAuthSessionWrapper#getChildWithDefault to return a util.DeferredResource, (which delegates authentication to the portal) if the HTTP request doesn't have an "authorization" header, instead of returning an instance of UnauthorizedResource. This makes it possible to use HTTPAuthSessionWrapper with a checker that handles IAnonymous credentials.